SmartTokens: Delegable Access Control with NFC-Enabled Smartphones

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7344)

Abstract

Today’s smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication (NFC), opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments (TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluate the performance of our solution.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dmitrienko, A., Sadeghi, AR., Tamrakar, S., Wachsmann, C. (2012). SmartTokens: Delegable Access Control with NFC-Enabled Smartphones. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_13

  • DOI: https://doi.org/10.1007/978-3-642-30921-2_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30920-5

  • Online ISBN: 978-3-642-30921-2

  • eBook Packages: Computer Science, Computer Science (R0)
